Comments (8)
You may need to convert them to Der format. I though I had made a change a while ago which automatically did this and left copies in /etc/mortar. If you can't find them, you can generate the der files with an openssl command. I don't remember which off the top of my head.
from mortar.
Yeah. We make them automatically. https://github.com/noahbliss/mortar/blob/master/1-generatesecurebootkeys.sh
from mortar.
These der files all get rejected.
I was doing some quick research on my phone the other night while wrangling with this, and saw a mention that openssl doesn't create the der files in a format that the Dell setup utility will accept (non-standard or has some extra attributes/info that has to be stripped first), but unfortunately I lost the URL.
from mortar.
Might seem useless. But try going to default with secure boot off, rebooting, enabling custom audit mode and wiping factory keys in the bios, reboot, go back into the bios to ensure its still in audit mode, then boot to system and retry 2. If it fails, then retry the manual install.
from mortar.
There is only "Custom Mode" in this bios/efi setup utility and no "audit mode" like you see in some others. It seems that it should be similar to audit mode in all the relevant ways, so I am going to try that.
I have already tried different permutations of the steps you outlined, but no dice. I'm going to follow your sequence on an identical test system and will come back with my results.
from mortar.
I did a test install on an identical machine and was able to import the keys through the script. After resetting Secure Boot it would not let me install the keys. The trick was to remove all keys in addition to toggling Secure Boot. I thought I had done that on the original machine, but perhaps not. I'm going to check if the keys can be imported in the EFI setup utility on this machine and report back.
from mortar.
Good to know the initial conclusion is good and glad you're sorting it out!
from mortar.
Feel free to re-open if this isn't resolved.
from mortar.
Related Issues (20)
- Replace sbsign with pesign
- Do Not Use This Tool at All Costs - Developer is a Fucking Moron HOT 1
- NTS: Use `shred` on tmpramfs/user.key if the system has it. HOT 3
- Mortar install fails on Manjaro. Debian installed using the Live Disk option also fails. HOT 7
- proposal: importance of PCRs HOT 2
- Issue booting in secure mode with Promxox kernels >= 5.19 HOT 16
- EFI file creation apparently broken on Arch with Linux 6.4.8 or higher HOT 3
- Using bin bash everywhere HOT 2
- Missing dep on minimal debian 11 install HOT 1
- 2-installsecurebootkeys.sh malformed/partial error message HOT 1
- Add support for Debian 12 HOT 6
- The attempt to wipe old keys on the first run of mortar causes a non critical issue.
- Use sedutil instead of luks HOT 1
- Line 61: Cryptsetup: command not found HOT 6
- Give the code some structure and add abstractions HOT 7
- Feature Request: For TPM binding, only ask for LUKS passphrase once HOT 2
- cmdline not updated with new kernel path HOT 1
- Out of Tree Unsigned Modules Cause Failure to Boot w/ New Lockdown Feature in Kernel HOT 2
- Arch - clevis-decrypt /dev/fd* error (Debian Resolved) HOT 6
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from mortar.